1. Field of the Invention
The present invention relates generally to computer security, and more particularly, to techniques for patching vulnerabilities while facilitating detection, characterization and/or prediction of subsequent attempts to exploit a patched vulnerability.
2. Description of the Related Art
The vulnerability of computer systems, configurations, software and information codings and protocols to unauthorized access or use is widely recognized, at least by information security professionals. These vulnerabilities range from minor annoyances to critical national security risks. Today, given the ubiquitous nature of internet communications and the value of information and transactions hosted on the public internet, vulnerabilities are discovered and exploited at alarming rates. Automated tools facilitate the probing of systems and discovery of vulnerable systems and configurations. Once vulnerabilities are identified, exploits can be globally disseminated and employed.
Patches (or updates) seek to address known vulnerabilities. However, even after vulnerabilities and/or exploits are identified and patches created, vulnerabilities persist in many system or software instances because patches are not universally distributed or installed. In some cases, users and administrators are simply unaware of the vulnerabilities or patches. In some cases, the flux of security patches or the number of systems requiring updates can be daunting, frustrating or overwhelming even for the most vigilant of users or administrators. In some cases, patches themselves have been known to create new problems, vulnerabilities or incompatibilities. As a result, many users and organizations prefer not to be early adopters of patches, even those that purport to address critical security risks.
While substantial corporate and government resources have been dedicated to the identification of threats, distribution of advisories, and mitigation of vulnerabilities, software and computer system vendors, users and administrators are often faced with two basic strategies: (i) patch early, often and universally or (ii) patch only after vulnerabilities are well characterized and patches are stable.